Netgate pfSense Reviews

My use case involved having a firewall from a different vendor, which was taken over and used as a bot in a network. This incident made me reconsider my firewall provider. 

I integrated pfSense, and I have not encountered any issues since. Initially, I used it as freeware as a virtual box, and it performed well. 

About two and a half years ago, I transitioned to physical boxes. We have more than one. My use case was to connect two offices and create an extended LAN using pfSense for point-to-point connections between the data centers.

I have never had an issue with pfSense, except when attempting to configure it. When left as is, it functions well.

Support is very good.

It is rather flexible.  

Having enterprise support was immensely helpful since I have run into problems using a plugin. Without it, I might have needed to purchase a new box.

I do use pfSense Plus. We had downtime before pfSense. We've never gone down using the solution. We haven't had any performance issues.

I like the plugin systems, even though I feel like I'm playing roulette. I'm not sure if it does what I want it to do or if it will break the original capability of pfSense. Plus, having all of these dependencies may be a liability. While I appreciate their availability and wish to develop my own plugins, time constraints hinder that. 

Since the language used in the documentation is difficult for a non-English speaker, I find it hard to understand. It assumes they understand the words that are used and sometimes I feel I need to get out a dictionary to get handle on what they are talking about. They need to simplify the language a little bit. 

Using a plugin for reverse proxy allows multiple URLs to listen on port 80, rather than a single IP address for multiple servers, however, this requires changing the default port of pfSense. When I changed the default port, I experienced difficulty accessing the device. I thought my password was incorrect, when in fact, the port change was the issue. I had to connect to the physical device using a special cable. While I found this surprising, I am too paranoid to use SSH due to its perceived vulnerability.

We're a security company. We provide solutions to prevent hacking. pfSense is really good at preventing outside access; however, as an attacker, there are endless opportunities to attack. There's no way for me to know who or what pfSense is blocking or preventing. pfSense doesn't tell you any information.

I've been using the solution for two to three years. 

I receive popup notifications indicating that we have run out of memory due to some unknown reason, despite using only 20% of the device's memory. I am unsure of the cause. There is nobody that can give me a good answer to this issue. Occasionally, I receive emails from sales about updates, however, sometimes, the device does not detect these updates.

We have not reached the point where it becomes stressed. Our device isn't that big in terms of size since we don't have a lot of big users. No one has complained of buffering or response times. Our internet is likely slower than our pfSense. 

I was really happy having enterprise support when issues arose. Without this support, I probably would have bought a new box.

We have premium support. It helps me as I didn't feel comfortable with all of the responsibility. It's helped us with tech IDs and getting into the system when there have been issues. 

Positive

Management provides a budget for purchases. Initially, I bought a product based on appealing flyers and sales promises. However, after purchase, I realized it was not as secure as anticipated. I liked that pfSense started off as partially open-source. We trusted the technology.

We don't do cloud services. We have an on-premies setup and wanted to use pfSense in our on-premises cloud. It works really well and we are very comfortable with it. We do a lot of research with nasty malware and have not seen anything able to hack it yet. We've done so many deployments that we're very comfortable with the setup and capabilities.

You just power it on and follow the Wizard. If somebody has never done any firewalls, they should do what the tech says.

I'm the only person that is allowed to touch it and I'm the only one with access. We have four sites and no issues. We've abused one of the plugins, the pfBlocker, that has a subscription URL that can get malicious actors and help us block their IP. We can update the firewall rules almost in real-time. That's the basic maintenance we do. It's mostly automated.

There are occasional updates, and we get notices. Sometimes, the devices do not see the update, and I get paranoid that it's a phishing attempt. I'm not sure of this is a bug or not. 

If instructed by my boss, I can complete tasks within four hours, adhering to pfSense's SLA. I don't mind being challenged. 

Monetary concerns are not my focus; I cannot justify saving on the firewall for personal expenses. 

I would recommend the solution to other users, including potential government clients. I've invited others to try and hack it, to showcase how robust it is, and no one can. It's impressing people. They're saying, "I need to get one of those."

I would rate the overall product seven out of ten. I'm stressed out by the documentation. I do have an interest in doing a pfSense certification course. The documentation is holding me back from giving me a ten. 

We use pfSense as an edge router for customers. I use pfSense Plus. We're using Netgate boxes preconfigured with pfSense.

PfSense gives our customers high security, and it's easy to implement. Most customers are looking for a VPN, so we set up a static IP that makes the VPN easy. The benefits of pfSense are immediate. It has a few features that prevent data loss, such as backups and creating rules. It does packet inspection to ensure large known malware does not get through to the end users.

It offers features that help us prevent downtime, but that doesn't apply to our customers. It has failover, so if an internet line were to go bad, you could failover to another line. That doesn't apply to our customers because they can't afford a second internet line. 

I appreciate the depth of what you can do with pfSense and the simplicity of the initial setup. One thing we've done is create an image, and when we get a new customer who needs a device, we can put that image on there. The image gets them up to 90 percent of what we need them to have, and we only have to customize the remaining 10 percent. PfSense is incredibly flexible. It's complicated, but it's incredibly flexible.

We do a lot of managed services and are currently trying to get people off of L2TP VPN. Apparently, we can download a mobile config file from a configured NetGate device, and we're primarily Apple. We've experimented with it on a device that's not a production device, and we can't seem to get the phase one IPSec set correctly so that the Apple config will accept it. 

We've tried looking at the documentation but haven't found anything. While it's not the highest priority, it is rather frustrating. We'd like to do this, and the feature is right there, but we can't get it configured. We certainly don't want to try it on a production machine because it will break the current VPN. 

I would like to download the Apple mobile config so that I can tell it to configure my VPN connection to do that. We have some cross-platform things. So there's also a Windows VPN. You can download a script or a PowerShell, put it on a Windows machine, and it can connect to the VPN. It would be nice if I could say I want Mac only, Windows only, or both. I wish it could configure the IPSec phase one and phase two, or at least give me solid instructions on how to configure that.

It doesn't supply out-of-the-box visibility to drive decisions. You get 75 log lines, so if you're trying to troubleshoot something, you have to look at one log and then another. It integrates with SysLog systems, but our customers are not at the level where they want to pay for some third-party SysLog system. Usually, we can get things taken care of fairly quickly.

I would like to have the ability to control all my devices from one place. With Ubiquiti, you can get a controller that allows you to control all of your Wi-Fi devices, switches, and routers. From one area, you can switch to that customer and see what's happening in their environment. That's not part of pfSense. I understand why it's not because pfSense is open source and community supported. That's something that someone in the community needs to pick up and run with. It's not something the pfSense can easily implement. If they could, that'd be great.

We did have one issue with sales. Contacted them with a question and never received a response.

I have used pfSense for 12 years.

I give it an eight out of 10. I've never had any lag or downtime.

The higher-end boxes have a lot of scalability. You can run pfSense on a Unix box and add cards or all sorts of things. If you had a powerful Unix box and hot spot-able, there would be a lot of scalability to it. I primarily use their Netgate appliances from the 1100 to 2100 hundred, so the scalability is limited. 

The old 3100 had a lot more scalability than its replacement the 2100. But the next step up now is to the 4100, which gives you an additional preconfigured WAN port that allows you to easily separate networks. It jumps from $400 to $900.

I rate Netgate support eight out of 10. They're great. I called about an issue with a bad box. They answered the phone and I got somebody who was highly familiar with the product. He had me try several troubleshooting things, identified that the box was bad, and got me a replacement. 

Positive

We’ve used SonicWall and switched due to cost. Though SonicWall is easier to manage, the on-going costs are prohibitive.

The deployment difficulty depends on what you need to do. Let's say you get a box and plug it into your network, but you can't get it to work, so you call the folks at pfSense. They will help you configure it so that you can ping a remote device. That's pretty easy. 

I gave one of the pfSense boxes to one of my people who has minimal knowledge about setting up network devices. He could get it to ping in about 25 minutes. Then, I asked him to add a VLAN, and he's still working on that. That's been two and a half months. If someone needs something to put on their network, it's pretty easy, but if you want the full benefit of a firewall, it may take a while. One person is enough to do it. After deployment, you just need to do some periodic firmware updates. 

PfSense's pricing is reasonable. However, support is relatively expensive for smaller customers, and you need to pay per device to get it. So if Customer A is having an issue, I have to get support, and then I have to get support for Customer B, and so on. It would be nice as a managed services provider to get support for my company rather than individual devices.

I would compare the total cost of ownership to SonicWall. We can compare the basic functions of the Netgate 2100, the model we use most, to the SonicWall 3500. They have very similar functionality. The cost of the 3500 was closer to $4,000.

I rate Netgate pfSense eight out of 10. I recommend doing a lot of research or spending the $500 to get the extended support. 

I was looking to improve my security posture. Bottom line, I just wanted really high-quality cybersecurity. When I look at appliances for cybersecurity, they can get up to almost seven figures for some businesses. So, this was a good compromise for me.

It optimizes performance right away. That is apparent to your everyday user. It makes the whole system work better and more efficiently. When there is an intrusion or an attack, it's very easy to eradicate the issue. 

Before having the cybersecurity mechanisms I have now, even with VPNs from the App Store, I faced issues like hijacks that became multi-day issues where I had to perpetually get into some type of power struggle through remote based issues from another cyber threat. For example, in October 2022 or 2023, I sat down at my computer to move files from a cloud-based drive to an external hard drive. I opened the cloud drive, and all the files had been corrupted/damaged intentionally. Someone specifically corrupted the entire iCloud Drive. I called tech support, and the next day, there was an iOS update. Since I implemented the security appliance, I haven’t had this issue. 

It means there's a better level of security in terms of what you can build into your system than is available through downloadable software.

pfSense helps prevent data loss:

I haven't had one issue of data loss since implementing it. Previously, I had to file reports with the FBI and CIA because the intrusions were so serious. These documents had criminal penalties associated with tampering. I haven't had one of those instances since using pfSense. Netgate and pfSense are good go-tos, even for the government. They often use Netgate as their server, and the military uses it too. The fact that the American military and foreign militaries use Netgate was a big selling point for me. It's good quality for what you pay.

It's a really great entry-level way to see how much, and it's scalable, too. When you talk about flexibility, the important thing to know is that the appliance and the software are scalable, too. I can start at the entry-level point, or I can build in and scale it up to enterprise-quality software, too.

pfSense Plus:

I use pfSense Plus. I use VoIP through the router. 

It minimizes downtime in terms of having to debug and things of that nature. When there's an intrusion, it doesn't turn into a multi-day issue. It took me about ten minutes to eradicate one aggressive intrusion. Simple maneuvers resolved it quickly, avoiding days on the phone with tech support. 

There was an instance where my firewall software—I don't know what happened exactly—but I did have to call tech support. Something happened where my firewall needed to be completely reconfigured.

So, are the entry-level ones invincible? No. But do they save you tons of effort in terms of preventing a lot of problems that could get worse? Yes. It's like a preventative measure to cancer before it spreads. It helps you catch things quicker before they spread and become something bigger.

The visibility that pfSense Plus provides helps us optimize performance. I feel more comfortable exchanging information and having personal conversations. It makes me more comfortable, more confident that what I'm doing is not... Some people I even work with are just not comfortable to talk openly. Some people are very email-retentive, like, "Do not click that hyperlink on this computer system. Don't do this or that." So it's understandable with some people.

It absolutely optimizes my entire computer system. In fact, I'm opening a brick-and-mortar storefront, and I'm going to use pfSense. Actually, I'm going to step it up to the TNSR software, but I use the Netgate routers because it optimizes performance. I feel comfortable to have a small to medium-sized office operating off this stackable network I'm creating. It's still a prototype, but I can have six screens, and that's really all I need. I can probably get six screens or five screens and a hardwired payment processing system at most if I need it.

Plus on Amazon EC2 VMs:

I haven't tried it recently. I did in the past, but I didn't have it configured correctly, so I can't truthfully comment on it. It was more complicated than I could set up. Like I have to pay for that. I can download the AWS EC2 application, launch the instance from a cellular device, and intermesh the cellular device into the router. That's also extremely valuable if I want to have a coworking situation where everyone's on my network a certain way, so when I do exchange information, it's highly confidential.

I get a mesh VPN network. I can have an enterprise-grade VPN for the business without spending too much. That's important for some people. 

For me, I liked the pfBlocker, which is pfSense's firewall. I get a couple of different options with the firewall. I can use AWS as your provider to pass data through AWS's workstations to the router. There are a ton of important features. 

I can build an instance, have it move through the router, and then be just cellular. There are so many great features. 

I haven't even completely finished configuring it, and it's an ongoing process. There are always new, innovative, great things I learn. It's like a little gadget with a lot of great features. It's hard for me to decide what I like best and don't like.

It's pretty easy to customize. Once anyone gets past the technical jargon, it's highly flexible.

I would like to see a subscription-based tech support option as opposed to this flat yearly rate. I'd like to see more of a monthly tech support feature. I think that would be helpful for a different type of consumer. So, there could be more room for Netgate to expand. To me, it would have been nice to have a little bit more tech support at first. 

But since I'm becoming so satisfied with this system I'm developing, I'm gonna step up anyway into the TNSR software. And when I do that, I get unlimited tech support.

So, it's kind of like this: if I don't want to pay for tech support, I teach myself and learn how the device works. And that's what I've basically done to this point. It's pretty plug-and-play  but some of it is, like, if you don't configure it correctly, it just doesn't work.

I had a couple of instances where I was setting it up, and I set it up a certain way twice where I just didn't configure it in a way that it worked. I put so many security features in that I had locked myself out from even being able to log in. 

So, it would be better to make tech support more accessible because they're really good at what they do, like behind the scenes. They know how to configure things through the terminal differently than I was.

System Reports:

Reports would be good, like system reports and functionality. Dumbing it down a bit more would help, too. We do have a Setup Wizard , but it is even less complicated in terms of setting it up because the user guide is 2,000 pages long.

So, the manual itself is, like, 2,000 pages for this device. If Netgate could make it a little bit less complicated for users. But, part of this appliance goes to IT departments anyway. So, they're more adept at setting it up than your average consumer. So that's generally who buys these things and sets them up. It's like your IT community usually gets involved with these because they understand that when you buy a computer, and you just start logging into the Internet, you've created a sort of dangerous atmosphere that not everybody understands by not making it safer. Everybody understands that when you log in if you don't even play with the settings on your computer. You're basically just setting yourself up to put your data out there like it's some type of free-for-all.

I bought my first router from pfSense in early 2023. It was pfSense's entry-level appliance, around January last year. I was so impressed with it that I stepped up to the 8200 level, which is one step beneath a TNSR-grade server. pfSense has two models of appliances that are higher than the one I have before I get into more elaborate appliances with different companies. 

I've stayed with this one for a year and a half now. I still have the original, which is nice. I bought it to use for a prototype concept that was built in. It worked, so I stepped it up.

I don't really know how to compare it to anything more elaborate. For my purposes, it's been a ten out of ten in terms of what I was expecting.

Scalability was definitely what I was looking for, so I would give it a ten out of ten for my business needs. It's perfect right now. 

If I can't get that level of security or sense of security, I can always stack the units more cost-effectively than going with something like Fortinet or Cisco. 

I'd almost rather stack the appliances at this price point than get into a $7,000 to $ 10,000 appliance. I get a lot of security just by stacking them, too. So, I'd rate it as highly scalable. I'd give it a ten.

The customer service and support are excellent, especially when they're supposed to charge you and they don't. When my entry-level router was fried and needed to be rebuilt, they did it from scratch, they made it seem easier than I would have ever been able to do. 

I had to download software onto a USB drive, insert the USB drive into the router, and then rebuild it from scratch because, for whatever reason, it was completely trashed.

So, I get tech support, and I pay for it. Unless I get the enterprise software, which includes unlimited tech support. Initially, I called tech support for help, and they were always willing to assist but reminded me of the limitations because I hadn't bought the support packages. Their tech support is excellent, 24-hour, and multinational.

Positive

I used some other DNS-quality firewalls, but they were cloud-based.  Like cloud-based DNS providers, but not an appliance base. That's why I bought Netgate pfSense bottom-line product to test out a prototype concept. I was satisfied with it, so I set it up to be highly competitive against everything virtually, except maybe a really high-end computer lab that could cause some type of intrusion.

Buying it, brainstorming, and waiting for it, as they build each one for you, which takes about two weeks. 

I wanted it partially because it's not one of these fantastically elaborate routers that you would just want to be completely encapsulated and protected a certain way. This is the kind of router that I wanted to be able to bring around with me, too, because I created a mobile stackable cellular network with it.

I have it attached to an entry-level desktop that was not custom-made or custom-built but premanufactured. But it worked well. I wanted more processing speed than I have now. I just didn't have time to step up my processor. But, unfortunately, with the system I'm on now, you can't switch them. So it's fine. It's a grade lower than what I wanted, but it's fine.

Creating a Portable Network:

But what is good about this is that it does work for what I was trying to do, making it mobile, stackable, and cellular. I can put a laptop. I can get a laptop as long as it has, like, a hard drive, and I can download the SI Labs, the Silicon Labs software onto the laptop. Then, I can connect the router to the cellular, like a cellular modem, which is what I have. I have one of these Netgear Nighthawk mobile cellular so it's like a cellular modem. So, I put in a SIM card with unlimited data. I connect the the Netgate router to the cellular modem, and now I connect the computer to the router. And if it's a laptop, I can connect all of this to, like, a portable network, and now you have a portable network. So I have, like, a portable point server if I want for significantly less.

Security Considerations:

You're not gonna get that level of cybersecurity on a mobile device unless you configure it that way. I mean, you could. You'd have to be getting into, like, your your, like those kinds of vans that you see on movies where they have, like, like, those vans where they're doing, like surveillance and intelligence work.  Netgate pfSense is pretty excellent quality if you wanna sit at a cafe and feel comfortable doing business and things, not being on their Wi-Fi.

Future Deployment Plans:

Right now, I'm getting ready to put enterprise-grade software on my devices exclusively; that's what I'm going to do until I get the business off the ground. 

The real deployment will be once I'm transacting service-related business against the appliance. I'm going to open a healthcare practice in Europe. I have a business in the United States that I structured to be a multinational business. I'm going to take this network and put it into a 30 to 60-square-meter office space.

I'll probably have about ten employees, but none of it will be for their personal devices. The purpose of the network will be to offer a secure Wi-Fi network to my patrons and to set up payment processing and other business-related tasks. It's going to be a small scale, with maybe six computer screens tops.

I have seen ROI, it saved me time by preventing frustration and loss of content, data, and time. The confidence it provides also pays for itself. 

I used to deal with intrusions weekly, spending anywhere from an hour to several hours each time. Now, it's less tedious and frustrating to optimize and eradicate threats and intrusions. 

It’s like a high-maintenance car that needs fine-tuning but ultimately runs smoothly.

It's highly cost-effective for both the average consumer and business users. It's highly competitive, which is why so many people use it. It's extremely down-to-earth compared to Fortinet or Cisco, Netgate doesn't reach that financial tier but is extremely competitive and extremely cost-efficient. They offer superb levels of service for what we pay. 

Currently, my setup is for a small to medium office. My first one was more for a home-based office—you could have a printer, computer, some gaming systems, TV. I would do a personal office with my first one, and this next one for a small to medium-sized office business for myself and others. I feel comfortable with that.

And they're also stackable, so I can scale it that way. It's highly scalable. It's really something worth playing with. And they offer a return policy, which is fair too, for the security appliance too.

The total cost of ownership of Netgate pfSense:

It's basically a one-off deal, which is good. You might consider building in installment payment options on the Netgate website, possibly with services like Afterpay or Klarna. This could appeal to noncommittal consumers. Personally, I would just pay cash upfront for my clients.

I'm clearly recommending it to others. It's scalable, cost-effective, practical, and down-to-earth. It's enterprise quality. It has a reputation that even the military endorses openly. When you buy something described as indestructible, and even the military uses it for their security, it says a lot. The government also uses it, testing prototypes and various things of that nature with it. 

If someone looks at the website, they'll see a large naval ship where cadets are operating off that prototype, testing if they could use the step-up with the pfSense software. They were using a higher-grade appliance with pfSense software to see if it was feasible. This shows that it's practical because the price point is unbeatable for that level of quality.

The solution for me is a ten. It's still a prototype, but I'm confident I can meet the needs of a medium-sized office with ten to twenty employees. However, scaling it up for something like an Airbnb with a high level of traffic is uncertain. It's not like a navy ship with a hundred military personnel. For my needs, it's perfect. 

It's a solution for my personal needs, and I feel confident about it. Looking into the future, scalability-wise, I think it meets my needs. But when you get to a different level of e-commerce, I'd be interested to hear their perspectives too.

I use it for my firewall at home and when virtualizing labs to do routing between different network segments. I use it in the business that I am currently with at our main office and our other site. I worked at an MSP before that, and it was the firewall that we recommended to clients who wanted to go beyond what you'd buy at Best Buy, like the random Linksys or Netgear. I haven't touched the enterprise level, like the expensive ones where you might have 20 different Netgate segments with failover.

We deploy it either on bare metal or virtualized on our own virtualization platform. We have not deployed it on any cloud. The primary cloud services we use are software as a service, so our firewall doesn't apply to that. If we ran our own set of servers in the cloud somewhere, we'd probably consider pfSense for routing between them, but we don't have that use case.

When I started using it back in the day, someone told me that there's this firewall you can install on an old PC to get all these features that are normally only available on expensive enterprise firewalls. 

I realized the benefits immediately. When I installed it, I had access to features like multi-WAN, which is more common now. You can get small home office routers with multi-WAN these days, but when I started a decade ago, it cost thousands of dollars and required enterprise equipment. It was mind-blowing that I installed it and could hook up two Internet connections for no extra money.

It doesn't directly prevent data loss because pfSense doesn't have a DLP function, but the security aspects, like the pfBlocker, ClamAV plugin, and proxy, are all great. The security components help prevent data loss by securing the network. As far as I know, pfSense doesn't have a data loss prevention function that scans for somebody trying to exfiltrate data. 

The failover or load-balancing WAN helps reduce downtime. It also supports high availability between two firewalls, although I've never set that up. Those would minimize downtime of the firewall individually and the company as a whole.

We don't use it that way, but it has extensive logging. If you were to dump all those logs into something like Graylog, Elasticsearch, etc., you could analyze and decide based on that data. We don't use it like that, but I know that with the extensive logging that it has, it could be used that way.

PfSense has an excellent ability to optimize performance, especially with the plugins. It helps me determine where my bandwidth is going and get reports on latency, jitter, etc. I use all of these features regularly. If the internet is slow, I can go see who's hogging it by downloading giant files, or I can identify where there's a lot of latency on a particular gateway.

I like that there's a community edition that I can install on my own virtual machines or hardware. I can test things without messing with them in production, which is incredibly useful. If you have a Juniper or Cisco, you can typically only afford one. 

You're forced to make changes in production and hope they don't break anything because there's no easy way to have a testing environment. The free version of pfSense offers load balancing or failover WAN, which is also helpful. Most commercial firewalls don't have that in the cheapest iteration of the hardware. 

The community edition makes it easy to learn because you can try it before buying it and putting it in production. There's no equivalent if you want to buy FortiGate, WatchGuard, or any of those and fiddle with them on your hardware before putting it in production.

Many plugins for pfSense are easy to install off the store, and they work. The basic function that you want to do are pretty easy. However, it is more complicated than your average home office router, but that's to be expected. The fact that it is an open-source project that's trying to be all things to all people does mean that sometimes things can get a little bit complex, sometimes unnecessarily. For example, the IPSec VPN setup has five hundred options, probably more than anyone needs, but it works. Their documentation is excellent. In instances where you might not figure it out on your own or the interface might not be super clear on how to do something, the documentation is usually good 99 percent of the time. 

I appreciate pfSense's flexibility. I can buy supported hardware from Netgate with it already on there, buy support for my own hardware, or run the community edition on my own hardware or a virtual machine and get all of the same functionality. 

Snort or Suricata don't block things they should out of the box. It's always been a pain point of pfSense. If you turn on Snort or Suricata for IPS or IDS, no setting is effectively set and forget. Turning any commercial firewall to the lowest setting will provide you with a decent amount of security with almost zero false positives, but pfSense is not that way. You've got a babysit Snort and Suricata to the point where sometimes you turn it off.  

I know one of their rising competitors, OPNsense, has the ETS rules. I forget who provides it, but you turn on a rule set, and they just work. They have a built-in set of rules for Snort and Suricata that you turn on and it provides a reasonable amount of security. That has always been a pain in the neck with pfSense. It's the single biggest thing that they could do to improve it. Honestly, they're losing business OPNsense for that one reason. 

I have used pfSense for at least 10 years.

As long as you don't use bad hardware, it's fine. PfSense has issues with some Realtek network chips. If you use bad hardware and get bad results, it's your own fault. I usually have as much uptime as there is between patches. It's highly solid after reboot other than installing the most recent patch.

I've never used pfSense at the high-end enterprise scale, but it can scale nearly infinitely as far as I can tell. There's a higher-level pfSense that's carrier grade that can handle hundreds of gigabit routing. We've got a Netgate plan and never had any problems. 

We see solid performance no matter what we're running on it. The fact is that it can run on a low-end, low-power fanless ARM CPU for a branch office. PfSense is usable in a lot of situations. It's also extremely scalable, which is also flexible in the sense that you can install it on some random old PC that you have at your house and use it for your home firewall. You can also use it in an enterprise with a multi-gigabit incoming connection and thousands of clients.

I rate Netgate support nine out of 10. I have contacted them a couple of times over the years. Each time I called them, they solved my problem or gave me a workaround within a reasonable time. It seemed like the people I talked to knew what they were doing. Sometimes, you call technical support and end up with first-level tech support who reads off a script. They don't listen to a word that you say and tell you to do all the things you've already done. 

I've been able to get people who ask pertinent questions and ask for logs. They remote into my machine or SSH into the firewall, so I'm happy with it. It was worth the money that we paid when we needed it.

Positive

I have used Smoothwall and OPNsense. Back then, I used to have a weird firewall that I can never remember. If you count OpenWRT, a replacement firmware for Linksys, as a firewall. However, you can't install it on any x86 OS that you want.

It depends on whether the user is familiar with general concepts like putting an ISO on a flash drive and booting off of it using some basic command line. It's very easy if they've installed operating systems before and understand how to boot off a flash drive. Flash the image to a flash drive and boot off it, then follow the prompts. If they don't have that basic experience, I wouldn't tell them to deploy it themselves. I'd tell them to buy a box from Netgate with support. 

That can be tricky if you've never done it or don't understand the concept of moving off of a flash drive and installing an OS. There's not anything Netgate can do about that because there are thousands of different pieces of hardware you can try deploying pfSense to, and pfSense can't give specific detailed instructions for every one of them. That's when you go buy Netgate. 

The first time, it took me days because I had no idea what I was doing. Now, I can set up a pfSense with good basic functionality in an hour. It doesn't take very long. I've probably done it hundreds of times now.

After deployment, you've got to install patches periodically. If you're using Snort or Suricata, you've got to pay attention to those. If you're using pfBlocker, you've got to install patches. If you're not using any of the plugins like Snort, Suricata, pfBlocker, Grid, or any of those sorts of things for advanced functionality, then there isn't any maintenance other than periodically installing your patches like anything else. 

The community edition provides all of the basic functions for free on your own hardware, and pfSense Plus comes with a Netgate appliance. It's a reasonable $200 bucks or so to buy pfSense for your hardware, and then it's $800 or $900 a year for commercial support, which is also reasonable for a firewall.

It's hard to gauge the total cost of ownership because there's a free, open-source version that, if you know a lot about pfSense already, it's almost zero cost. You can run it on any old hardware you've got. If you need support and multi-gigabit IPSec WAN speeds, you'll need to pay for that, but you will with anybody. 

I rate Netgate pfSense eight out of 10. They could polish up a few things, especially regarding IDS/IPS rules. A few interface things are a little more complicated than necessary. 

If you're moving to pfSense from a random Linksys or Netgate router, you need to realize it will be more difficult, and you'll need to learn more about networking concepts than you necessarily had to do with the random router that you've got. It's more complicated like that. 

That's to be expected because you're either a techie kind of person who thinks building your own firewall is fun, and they're willing to spend the time and effort to learn it. Or you want an alternative to FortiGate, Juniper, or whatever, and you want to buy a commercial Netgate product. This is going to be more complicated than the Linksys router I bought for $80 dollars from Best Buy.

I primarily use this for a small single-site, multi-source setup with multi-WAN inputs. I have a main fiber connection and a couple of failovers, and I manage different networks across different segments.

I really enjoy the flexibility of the interface setup configuration for my network VLANs. It is very easy to configure and set, and when I am doing multi-inputs with internet providers coming in, it is very easy to manage and set up with very little effort.

I think the package management and the updating process in Netgate pfSense could be better. Whenever there is a release, knowing that you cannot update any of the packages until you have done the actual operating system update can be confusing. Beyond that, I do not have any major issues. There are generally some user interface updates and tweaks here and there, but this is a lower priority.

They come out about every 12 months, and I know that is one criticism against Netgate pfSense that they are a little slower on development, but honestly, that is probably preferable because it is not constantly updating.

I have been using Netgate pfSense for about eight years in my career.

Netgate pfSense rates a 10 for stability, and I have experienced no issues there.

Scalability works well. I would say it is probably going to be a nine.

They are very responsive. Within an hour, two hours, or three hours, I generally get a response. I have only had to contact them maybe two or three times for very minor issues, but there is no issue there. I think they are very responsive.

Positive

I have used UniFi primarily in the last couple of years, probably three years now, and I have it as a separate site. It is nice, but it is not nearly as configurable. The biggest differentiator is the Netgate pfSense software, particularly the ability to do VPN with regard to Tailscale and OpenVPN, which is very easy to use, whereas UniFi is not ideal. Additionally, the security in UniFi is open by default versus Netgate pfSense, which is closed, and closed is always going to be preferable.

For an entirely new site, it would take some time to configure and set up. If you are coming from an existing setup or configuration, you effectively export the configuration, upload it, and make some minor updates. Even with a booting environment, it is easy to go back or revert to an existing configuration if you make a mistake, so it might take some time, but it is not overly complicated. I would say it requires minimal effort, especially if there is a plan in place ahead of what the structure will be.

One person can do it, but you are going to need to be testing. Honestly, it is not anywhere near as complicated as a larger, more legacy offering, so I think it is very easy.

You are going to have manual updates in terms of the releases, checking those out, doing some testing, and confirming in non-prod environments. It is not that complicated. Even if you have the boot states, you can pretty easily do an operating system update and it is easy to manage. 

I use Netgate pfSense for my side gig customers' firewalls, and also for my home firewall.

One aspect I appreciate most about Netgate pfSense is that it is easy to administer and very straightforward.

I see the benefits of Netgate pfSense immediately due to cost. It costs significantly less than Ubiquiti, Cisco, or other firewalls out there, and it is just easy to manage, which saves me and my customers money.

The packet inspection feature of Netgate pfSense is valuable; I have had to use it for troubleshooting and it provided the necessary data.

The dashboards for managing network traffic patterns and security threats in Netgate pfSense are simple and give me what I need.

Netgate pfSense's plugin ecosystem is very easy to manage; I simply point and click on the plugin and it installs directly, which is very well done.

The stability of Netgate pfSense is rock solid; I have never had any problems with stability.

The initial deployment of Netgate pfSense is very easy; you install it and it just works on the first try.

The downsides of Netgate pfSense include a lack of graphics to show a customer. I would prefer to see a more graphical UI similar to Ubiquiti.

Setting up fault tolerance on Netgate pfSense is difficult to do, and I do not enjoy that part.

I have been using Netgate pfSense for approximately 15 years.

The stability of Netgate pfSense is rock solid; I have never had any problems with stability.

I have contacted Netgate technical support regarding Netgate pfSense once. I had a hardware failure in one of my Netgate pfSense nodes and they provided an easy fix and got the customer back online quickly.

Negative

The initial deployment of Netgate pfSense is very easy; you install it and it just works on the first try.

For a new technician with no experience with any Netgate pfSense products, it would be easy for them to deploy for the first time because they can reference Google or the Netgate pfSense community web pages.

One person can easily do this.

Netgate pfSense costs significantly less than Ubiquiti, Cisco, or other firewalls out there, and it is easy to manage, which saves me and my customers money.

The pricing of Netgate pfSense is incredible; I love the pricing, which is the best part.

I prefer Ubiquiti because of the ease in setting up fault tolerance and the user interface on Ubiquiti.

Netgate pfSense requires just a monthly reboot on the firewalls and that is all. I would give them a 10 out of 10 as they are good. I give this product an overall rating of 8.

I usually use it on premises, and I use it for different purposes. I use it for network security for my infrastructure, and I use it for my web servers and data servers that are on-premises.

My main use cases for Netgate pfSense are proxy servers and IDS/IPS, blocking ads, clearing the network for adware and malware, and monitoring the network flow. 

As an open-source solution, Netgate pfSense is highly flexible because a person with kernel-level or code-level experience can control the firewall as per their requirements, and there are multiple packages and tools readily available to integrate with Netgate pfSense. In the IT industry, most of the tools can be integrated with pfSense.

Adding packages to Netgate pfSense is very easy. I just need to search for the required package and then install and configure it.

Netgate pfSense has a very intuitive dashboard. The information is readily available on the dashboard.

Netgate pfSense has routing facilities that help minimize downtime while having multiple internet connections. If one bandwidth goes down, it automatically diverts to the other. 

Netgate pfSense helps prevent data loss by monitoring data transactions and network protocols, allowing us to block certain amounts of data and implement policies to reduce malware and firewall threats. 

From my perspective, the best feature of Netgate pfSense is the load balancer, as I usually take multiple internet connections. I can use both internet providers' bandwidth as a single network bandwidth, which helps in a very smooth network traffic flow. Netgate pfSense has a very interactive and intuitive dashboard that provides all the major and informative information that is readily available.

Netgate pfSense has positively impacted my organization because when we look at other firewalls or alternatives, they are costly. 

For my requirements and use cases, it is sufficient for me, and I have never faced a need for additional features. AI would always be a plus point, and if pfSense could change its framework from FreeBSD and PHP to a different language and Linux OS, that could enhance security.

I have been providing services for network solutions and network security, and I have been using Netgate pfSense for almost four to five years.

Netgate pfSense is definitely stable; I've multiple sites using it, and they are live right now. I've at least 20 sites operational.

It is a scalable product. I would rate its scalability a seven out of ten.

I have never used the services of Netgate, but I can rate the product itself as a 10 out of 10 because it has been very helpful to me.

Neutral

I have previously used Fortinet and Sophos. The major reason I switched from Fortinet and Sophos to Netgate pfSense was to mitigate the financial aspect, as those alternatives were costing us lakhs.

Deploying Netgate pfSense is very easy because I used to deploy it on my personal hardware. Whatever spare hardware I have, I install it directly on that. Installing and configuring it is very easy for me.

I deploy Netgate pfSense for various companies. There are many startups in India that require a cost-effective solution that allows them to use their hardware and provide basic security. 

Deploying infrastructure for a new company takes me approximately one day, unless there are separate requirements to configure, such as creating usernames and passwords for each user, which may take two to three days.

I do everything in-house by myself. I am the only person involved in the deployment.

I have seen a return on investment with cost savings after implementing Netgate pfSense, as other firewalls would cost me lakhs of rupees while pfSense is free.

Everything we need is covered in the free version of the open-source pfSense. I have never used the licensed version or required certified partner help to implement or deploy anything.

If we are not purchasing any support or incurring any Netgate costs, the total cost of ownership for Netgate pfSense is zero, as it is freely available to download and install, requiring only hardware for deployment.

The cost of other firewalls goes to thousands and lakhs of rupees compared to pfSense, which costs zero. If we opt for Fortinet, it costs about one lakh thirty thousand Indian rupees for the firewall, and then it costs up to almost fifteen to twenty thousand annually for the user subscription. With Netgate pfSense, all those things get covered at zero cost.

I did not evaluate any other options aside from Netgate pfSense because it was the only solution I could find that effectively met my needs. It works for our use cases.

In terms of data-driven decisions, there is a package that can help me understand each and every packet and time. I have not gone through that avenue yet, but it allows us to get all the data for data-driven decisions.

There is a paid feature to increase performance, but there are multiple tweaks available in the advanced settings that can help increase bandwidth or usability based on requirements.

I have not used pfSense Plus on Amazon EC2 VMs because there was no requirement. 

I would rate Netgate pfSense a ten out of ten.

I run a company that is a managed service provider. We supply our clients with products and purchase on their behalf. We install pfSense in their offices or main client offices.

What I like most about the product is that it is simple to use. I use it at home and in other locations. It offers great value for money because there are no licensing issues apart from the support package. I don't have to worry about licenses expiring or the firewall not working. The overall security gain is stable and reliable.

Multi-appliance monitoring and management, like a single pane of glass, would be very nice to have. A centralized management console would help us. There might be improvements to the web UI, which could benefit from a new look. It looks a little dated, although everyone knows where the options are.

I have used the solution for four years.

The solution is stable. I'm happy with the stability, I would rate it a nine. I had some minor issues, like hardware power supply failure after two to three years, but it was rock-solid until it failed.

The solution is pretty much scalable. I would say nine, although I'm not sure why.

I used their support about two times. I don't need much support, as I've managed to fix everything by myself. I would rate it ten because they went above and beyond expectations.

Positive

Sophos was used in some cases. Some clients require products which are used in their other offices.

The initial setup takes about one hour. It is fairly simple and sometimes only takes half an hour, depending on what needs to be done.

We implemented it in-house with one person.

Because we are familiar with the product, the ROI is between ten to twenty percent. We have been saving by having a stable, well-known product.

I estimate it to be between four or five, something like that. I cannot say it is cheap, but it is not expensive either, so let's say three or four.

I usually advise having a solid firewall with a low cost of ownership, which is why I rate it nine. There's room for improvement, as I would love to have more control over the packets. Overall, I would rate the product nine out of ten.